
Halim Belkhatir suggests that prevention is better than cure when keeping down the cost of compliance.
What do you do when the 'check engine' light comes on in your car while you are driving down the road? Do you need to immediately pull over and call a tow truck? Probably not, but you should get the engine checked and the issue resolved as soon as possible. If you address it in a timely manner, it may be a routine repair. However, if you ignore the light and keep driving day after day, you may cause serious damage to your engine, resulting in an expensive repair or replacement. It's the same principle with data centre compliance. Achieving and maintaining compliance with government regulations and industry standards can prevent a small issue from causing major damage to your company's financial well-being or reputation due to security breaches and outages. These actions can apply to Sarbanes-Oxley 404, Statement on Auditing Standards (SAS) 70, Personal Card Identification (PCI), the Health Insurance Portability and Accountability Act (HIPAA), Basel II, and other regulations and standards.
Achieving and maintaining compliance can help your organisation avoid the high cost of recovery and repair that goes along with unfavourable audit findings or having your business compromised. Some companies have had breaches that have resulted in losses of millions of dollars. Practising continuous compliance is also vital to ensuring credibility and profitability. Have the right controls in place, know when people aren't following the rules, and find out where and why this is happening. IT control deficiencies are the most costly and difficult to identify and, therefore, to bring into compliance. The key is to focus on prevention while taking advantage of automation to lower the cost of compliance. The best-practice approach below provides a roadmap for achieving continuous data centre compliance.
Definition and Goals: Start with your vision and a clear definition of compliance and the compliance goals you want to achieve. First, create a compliance definition, making sure to address security, configuration assurance and verification support. Then establish your compliance goals, covering standardisation, accountability, transparency and measurability.
Implementation: Automation is critical for ensuring continuous compliance with policy-based operations. There are three parts to the implementation step: choosing and implementing a governance framework, identifying and implementing controls, and adopting a platform to ensure continuous compliance.
Measurement: Along with implementing the platform and controls, you need to put a mechanism in place to measure performance so that you can assess the effectiveness of the implementation. The specific metrics you choose will depend on your organisation and the particular compliance objectives.
Enforcement: Maintaining continuous compliance is critical. Look at deviations to determine if they are more prevalent on a particular platform, role, or service. Investigating these areas guides you in applying resources to correct the deviations and ensuring that systems are always operating according to policy.
Monitoring: Monitoring is about providing insight into whether your environment is becoming more or less compliant and reporting any findings to management. It shows you how well controls are working and what activities are taking place. Management reports provide data for creating scorecards and identifying trends.
Just as spending what's needed to keep your automobile in good repair will improve its overall value, making an investment to implement these best practices for a continuously compliant data centre will ultimately improve the value of IT to the business. The effort you invest in these best practices will pay many dividends beyond compliance. To assist you in this effort, automated processes and tools help to eliminate human error, free up staff time, and bring greater stability to your IT infrastructure. All of these benefits can translate into lower costs, greater efficiency, and a good corporate image with customers - benefits that will position your company to compete more effectively now and when the economy rebounds.
For more information about BMC solutions to help maintain continuous compliance, visit www.bmc.com/bsm.
Halim Belkhatir leads BMC Software's Middle Eastern sales operations. He has 12 years of international sales and sales leadership experience and speaks four languages (French, English, Arabic and Spanish). He has a strong business and technical understanding of industry trends, demonstrating in-depth knowledge of cloud computing, data centre operations, grid, networks, IP voice and telephony, and management software.